Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41883 |
|
Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
|
| CVE-2026-29975 |
|
Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34354 |
|
Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29972 |
|
Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41570 |
|
Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
|
| CVE-2026-38361 |
|
Vulnerability in dash-uploader (CVE-2026-38361)
vulnerability in dash-uploader (CVE-2026-38361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0a1` or later.
|
| CVE-2025-67486 |
|
Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41491 |
|
Path Traversal in github.com/dapr/dapr (CVE-2026-41491)
path traversal in github.com/dapr/dapr (CVE-2026-41491). Confidential information can be exposed externally. Exploitable via ``purell.NormalizeURLString``. Mitigation: upgrade to `1.15.14` or later.
|
| CVE-2026-41493 |
|
Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.
|
| CVE-2026-25077 |
|
Code Injection in apache (CVE-2026-25077)
code injection in apache (CVE-2026-25077). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50994 |
|
OS Command Injection in CVE-2022-50994 (CVE-2022-50994)
OS command injection in CVE-2022-50994 (CVE-2022-50994). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13836 |
|
Vulnerability in python (CVE-2025-13836)
vulnerability in python (CVE-2025-13836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.20, 3.11.15, 3.12.13, 3.13.11, 3.14.1` or later.
|
| CVE-2026-7330 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4935 |
|
SQL Injection in wordpress (CVE-2026-4935)
SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.
|
| CVE-2024-53326 |
|
Unsafe Deserialization in deserialization (CVE-2024-53326)
vulnerability in deserialization (CVE-2024-53326). Successful exploitation can lead to full system takeover.
|
| CVE-2024-33288 |
|
SQL Injection in sqli (CVE-2024-33288)
SQL injection in sqli (CVE-2024-33288). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-27686 |
|
Vulnerability in dos (CVE-2024-27686)
vulnerability in dos (CVE-2024-27686). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26522 |
|
Vulnerability in dos (CVE-2022-26522)
vulnerability in dos (CVE-2022-26522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8133 |
|
Vulnerability in sqli (CVE-2026-8133)
vulnerability in sqli (CVE-2026-8133). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8132 |
|
Vulnerability in sqli (CVE-2026-8132)
vulnerability in sqli (CVE-2026-8132). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8129 |
|
Vulnerability in sqli (CVE-2026-8129)
vulnerability in sqli (CVE-2026-8129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8130 |
|
Vulnerability in sqli (CVE-2026-8130)
vulnerability in sqli (CVE-2026-8130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8131 |
|
Vulnerability in sqli (CVE-2026-8131)
vulnerability in sqli (CVE-2026-8131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43943 |
|
OS Command Injection in electerm (CVE-2026-43943)
OS command injection in electerm (CVE-2026-43943). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.9` or later.
|
| CVE-2026-43940 |
|
Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
|
| CVE-2026-42275 |
|
Path Traversal in github.com/openziti/zrok (CVE-2026-42275)
path traversal in github.com/openziti/zrok (CVE-2026-42275). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-42261 |
|
Vulnerability in ssrf (CVE-2026-42261)
vulnerability in ssrf (CVE-2026-42261). Confidential information can be exposed externally. Exploitable via `POST /api/skills/fetch-remote`.
|
| CVE-2026-41900 |
|
OS Command Injection in openlearnx (CVE-2026-41900)
OS command injection in openlearnx (CVE-2026-41900). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.0.3` or later.
|
| CVE-2026-8126 |
|
Vulnerability in sqli (CVE-2026-8126)
vulnerability in sqli (CVE-2026-8126). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8128 |
|
Vulnerability in sqli (CVE-2026-8128)
vulnerability in sqli (CVE-2026-8128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7541 |
|
Vulnerability in dos (CVE-2026-7541)
vulnerability in dos (CVE-2026-7541). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41105 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)
SSRF in ssrf (CVE-2026-41105). Confidential information can be exposed externally.
|
| CVE-2026-32207 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
cross-site scripting in microsoft (CVE-2026-32207). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8098 |
|
Vulnerability in sqli (CVE-2026-8098)
vulnerability in sqli (CVE-2026-8098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42449 |
|
SSRF (Server-Side Request Forgery) in n8n-mcp (CVE-2026-42449)
SSRF in n8n-mcp (CVE-2026-42449). Confidential information can be exposed externally. Exploitable via ``N8NDocumentationMCPServer``. Mitigation: upgrade to `2.47.14` or later.
|
| CVE-2026-42499 |
|
Vulnerability in golang (CVE-2026-42499)
vulnerability in golang (CVE-2026-42499). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-42010 |
|
Vulnerability in gnu (CVE-2026-42010)
vulnerability in gnu (CVE-2026-42010). Confidential information can be exposed externally.
|
| CVE-2025-1978 |
|
Code Injection in hitachi (CVE-2025-1978)
code injection in hitachi (CVE-2025-1978). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44513 |
|
Code Injection in diffusers (CVE-2026-44513)
code injection in diffusers (CVE-2026-44513). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``. Mitigation: upgrade to `0.38.0` or later.
|
| CVE-2026-44827 |
|
Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-44240 |
|
Vulnerability in basic-ftp (CVE-2026-44240)
vulnerability in basic-ftp (CVE-2026-44240). Risk of unauthorized operations or information disclosure. Exploitable via ``FtpContext._partialResponse``. Mitigation: upgrade to `5.3.1` or later.
|
| CVE-2026-29080 |
|
SQL Injection in rucio (CVE-2026-29080)
SQL injection in rucio (CVE-2026-29080). Successful exploitation can lead to full system takeover. Exploitable via `GET /dids/`. Mitigation: upgrade to `40.1.1` or later.
|
| CVE-2026-20035 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-20035)
SSRF in ssrf (CVE-2026-20035). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33079 |
|
Vulnerability in mistune (CVE-2026-33079)
vulnerability in mistune (CVE-2026-33079). Risk of unauthorized operations or information disclosure. Exploitable via ``LINK_TITLE_RE``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-29090 |
|
SQL Injection in rucio (CVE-2026-29090)
SQL injection in rucio (CVE-2026-29090). Successful exploitation can lead to full system takeover. Exploitable via `GET /dids/`. Mitigation: upgrade to `40.1.1` or later.
|
| CVE-2026-34282 |
|
Vulnerability in java (CVE-2026-34282)
vulnerability in java (CVE-2026-34282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-21945 |
|
Vulnerability in java (CVE-2026-21945)
vulnerability in java (CVE-2026-21945). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2025-7424 |
|
Vulnerability in java (CVE-2025-7424)
vulnerability in java (CVE-2025-7424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|